From: Anton Mikanovich <amikan@ilbers.de>
To: isar-users@googlegroups.com
Cc: Anton Mikanovich <amikan@ilbers.de>
Subject: [PATCH v6 10/21] meta: mark network and sudo tasks
Date: Tue, 13 Dec 2022 15:52:54 +0300 [thread overview]
Message-ID: <20221213125305.10984-11-amikan@ilbers.de> (raw)
In-Reply-To: <20221213125305.10984-1-amikan@ilbers.de>
Network access from tasks is now disabled by default. This means that
tasks accessing the network need to be marked as such with the network
flag.
The same marking is also required for the tasks used sudo.
Signed-off-by: Anton Mikanovich <amikan@ilbers.de>
---
meta/classes/base.bbclass | 1 +
meta/classes/dpkg-base.bbclass | 6 ++++++
meta/classes/image-locales-extension.bbclass | 2 ++
meta/classes/image-tools-extension.bbclass | 1 +
meta/classes/image.bbclass | 4 ++++
meta/classes/imagetypes_container.bbclass | 1 +
meta/classes/imagetypes_wic.bbclass | 1 +
meta/classes/rootfs.bbclass | 5 +++++
meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 ++
9 files changed, 23 insertions(+)
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 8c874f31..109029b9 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -183,6 +183,7 @@ def isar_export_ccache(d):
do_fetch[dirs] = "${DL_DIR}"
do_fetch[file-checksums] = "${@bb.fetch.get_checksum_file_list(d)}"
do_fetch[vardeps] += "SRCREV"
+do_fetch[network] = "1"
# Fetch package from the source link
python do_fetch() {
diff --git a/meta/classes/dpkg-base.bbclass b/meta/classes/dpkg-base.bbclass
index 260aa73e..4bb71617 100644
--- a/meta/classes/dpkg-base.bbclass
+++ b/meta/classes/dpkg-base.bbclass
@@ -122,6 +122,7 @@ do_apt_fetch() {
addtask apt_fetch
do_apt_fetch[lockfiles] += "${REPO_ISAR_DIR}/isar.lock"
+do_apt_fetch[network] = "1"
# Add dependency from the correct buildchroot: host or target
do_apt_fetch[depends] += "${BUILDCHROOT_DEP}"
@@ -129,6 +130,7 @@ do_apt_fetch[depends] += "${BUILDCHROOT_DEP}"
# Add dependency from the correct schroot: host or target
do_apt_fetch[depends] += "${SCHROOT_DEP}"
+do_apt_unpack[network] = "1"
do_apt_unpack() {
rm -rf ${S}
schroot_create_configs
@@ -242,6 +244,7 @@ def isar_export_build_settings(d):
os.environ['DEB_BUILD_OPTIONS'] = isar_deb_build_options(d)
os.environ['DEB_BUILD_PROFILES'] = isar_deb_build_profiles(d)
+do_dpkg_build[network] = "1"
python do_dpkg_build() {
bb.build.exec_func('schroot_create_configs', d)
try:
@@ -292,6 +295,7 @@ deb_clean() {
}
# the clean function modifies isar-apt
do_clean[lockfiles] = "${REPO_ISAR_DIR}/isar.lock"
+do_clean[network] = "1"
do_deploy_deb() {
deb_clean
@@ -343,6 +347,7 @@ addtask devshell after do_prepare_build
DEVSHELL_STARTDIR ?= "${S}"
do_devshell[dirs] = "${DEVSHELL_STARTDIR}"
do_devshell[nostamp] = "1"
+do_devshell[network] = "1"
python do_devshell_nodeps() {
bb.build.exec_func('do_devshell', d)
@@ -353,3 +358,4 @@ python do_devshell_nodeps() {
addtask devshell_nodeps after do_prepare_build
do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}"
do_devshell_nodeps[nostamp] = "1"
+do_devshell_nodeps[network] = "1"
diff --git a/meta/classes/image-locales-extension.bbclass b/meta/classes/image-locales-extension.bbclass
index 0932630f..d5f66ec2 100644
--- a/meta/classes/image-locales-extension.bbclass
+++ b/meta/classes/image-locales-extension.bbclass
@@ -27,6 +27,7 @@ def get_nopurge(d):
ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download"
image_install_localepurge_download[weight] = "40"
+image_install_localepurge_download[network] = "1"
image_install_localepurge_download() {
sudo -E chroot '${ROOTFSDIR}' \
/usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge
@@ -34,6 +35,7 @@ image_install_localepurge_download() {
ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install"
image_install_localepurge_install[weight] = "700"
+image_install_localepurge_install[network] = "1"
image_install_localepurge_install() {
# Generate locale and localepurge configuration:
diff --git a/meta/classes/image-tools-extension.bbclass b/meta/classes/image-tools-extension.bbclass
index 101704d0..70c6eb2a 100644
--- a/meta/classes/image-tools-extension.bbclass
+++ b/meta/classes/image-tools-extension.bbclass
@@ -14,6 +14,7 @@ DEPENDS += "${IMAGER_BUILD_DEPS}"
do_install_imager_deps[depends] = "${BUILDCHROOT_DEP} isar-apt:do_cache_config"
do_install_imager_deps[deptask] = "do_deploy_deb"
do_install_imager_deps[lockfiles] += "${REPO_ISAR_DIR}/isar.lock"
+do_install_imager_deps[network] = "1"
do_install_imager_deps() {
if [ -z "${@d.getVar("IMAGER_INSTALL", True).strip()}" ]; then
exit
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 813e1f34..e15b9f74 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -291,6 +291,7 @@ python() {
task = 'do_image_%s' % bt_clean
d.setVar(task, '\n'.join(cmds))
d.setVarFlag(task, 'func', '1')
+ d.setVarFlag(task, 'network', '1')
d.appendVarFlag(task, 'prefuncs', ' set_image_size')
d.appendVarFlag(task, 'vardeps', ' ' + ' '.join(vardeps))
d.appendVarFlag(task, 'vardepsexclude', ' ' + ' '.join(vardepsexclude))
@@ -345,6 +346,7 @@ DTB_IMG = "${PP_DEPLOY}/${@(d.getVar('DTB_FILES').split() or [''])[0]}"
do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}"
do_copy_boot_files[lockfiles] += "${DEPLOY_DIR_IMAGE}/isar.lock"
+do_copy_boot_files[network] = "1"
do_copy_boot_files() {
kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])"
if [ ! -f "$kernel" ]; then
@@ -393,6 +395,7 @@ python do_deploy() {
}
addtask deploy before do_build after do_image
+do_rootfs_finalize[network] = "1"
do_rootfs_finalize() {
sudo -s <<'EOSUDO'
set -e
@@ -436,6 +439,7 @@ addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess
ROOTFS_QA_FIND_ARGS ?= ""
+do_rootfs_quality_check[network] = "1"
do_rootfs_quality_check() {
rootfs_install_stamp=$( ls -1 "${STAMP}".do_rootfs_install* | head -1 )
test -f "$rootfs_install_stamp"
diff --git a/meta/classes/imagetypes_container.bbclass b/meta/classes/imagetypes_container.bbclass
index 436a0051..ba09bebf 100644
--- a/meta/classes/imagetypes_container.bbclass
+++ b/meta/classes/imagetypes_container.bbclass
@@ -19,6 +19,7 @@ python() {
t_clean = t.replace('-', '_').replace('.', '_')
d.setVar('IMAGE_CMD_' + t_clean, 'convert_container %s "${CONTAINER_IMAGE_NAME}" "${IMAGE_FILE_HOST}"' % t)
d.setVar('IMAGE_FULLNAME_' + t_clean, '${PN}-${DISTRO}-${DISTRO_ARCH}')
+ d.appendVarFlag('do_containerize', 'network', '1')
bb.build.addtask('containerize', 'do_image_' + t_clean, 'do_image_tools', d)
}
diff --git a/meta/classes/imagetypes_wic.bbclass b/meta/classes/imagetypes_wic.bbclass
index 3869525b..cb4917a2 100644
--- a/meta/classes/imagetypes_wic.bbclass
+++ b/meta/classes/imagetypes_wic.bbclass
@@ -134,6 +134,7 @@ python do_rootfs_wicenv () {
addtask do_rootfs_wicenv after do_rootfs before do_image_wic
do_rootfs_wicenv[vardeps] += "${WICVARS}"
do_rootfs_wicenv[prefuncs] = 'set_image_size'
+do_rootfs_wicenv[network] = "1"
check_for_wic_warnings() {
WARN="$(grep -e '^WARNING' ${T}/log.do_image_wic || true)"
diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass
index 786682d9..3f30bc2e 100644
--- a/meta/classes/rootfs.bbclass
+++ b/meta/classes/rootfs.bbclass
@@ -119,6 +119,7 @@ EOSUDO
ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_update"
rootfs_install_pkgs_update[weight] = "5"
rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before"
+rootfs_install_pkgs_update[network] = "1"
rootfs_install_pkgs_update() {
sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \
-o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \
@@ -144,6 +145,7 @@ rootfs_import_package_cache() {
ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_download"
rootfs_install_pkgs_download[weight] = "600"
rootfs_install_pkgs_download[isar-apt-lock] = "release-after"
+rootfs_install_pkgs_download[network] = "1"
rootfs_install_pkgs_download() {
sudo -E chroot '${ROOTFSDIR}' \
/usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES}
@@ -167,6 +169,7 @@ rootfs_install_clean_files() {
ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_install"
rootfs_install_pkgs_install[weight] = "8000"
+rootfs_install_pkgs_install[network] = "1"
rootfs_install_pkgs_install() {
sudo -E chroot "${ROOTFSDIR}" \
/usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES}
@@ -177,6 +180,7 @@ do_rootfs_install[vardeps] += "${ROOTFS_CONFIGURE_COMMAND} ${ROOTFS_INSTALL_COMM
do_rootfs_install[vardepsexclude] += "IMAGE_ROOTFS"
do_rootfs_install[depends] = "isar-bootstrap-${@'target' if d.getVar('ROOTFS_ARCH') == d.getVar('DISTRO_ARCH') else 'host'}:do_build"
do_rootfs_install[recrdeptask] = "do_deploy_deb"
+do_rootfs_install[network] = "1"
python do_rootfs_install() {
configure_cmds = (d.getVar("ROOTFS_CONFIGURE_COMMAND", True) or "").split()
install_cmds = (d.getVar("ROOTFS_INSTALL_COMMAND", True) or "").split()
@@ -269,6 +273,7 @@ rootfs_export_dpkg_status() {
}
do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}"
+do_rootfs_postprocess[network] = "1"
python do_rootfs_postprocess() {
# Take care that its correctly mounted:
bb.build.exec_func('rootfs_do_mounts', d)
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index b9ae16cd..aba5e996 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -223,6 +223,7 @@ DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg"
do_generate_keyrings[cleandirs] = "${APT_KEYS_DIR}"
do_generate_keyrings[dirs] = "${DL_DIR}"
do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS THIRD_PARTY_APT_KEYS"
+do_generate_keyrings[network] = "1"
do_generate_keyrings() {
if [ -n "${@d.getVar("THIRD_PARTY_APT_KEYFILES", True) or ""}" ]; then
chmod 777 "${APT_KEYS_DIR}"
@@ -278,6 +279,7 @@ do_bootstrap[vardeps] += " \
"
do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP}"
do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config"
+do_bootstrap[network] = "1"
do_bootstrap() {
if [ "${ISAR_ENABLE_COMPAT_ARCH}" = "1" ]; then
--
2.17.1
next prev parent reply other threads:[~2022-12-13 12:53 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-13 12:52 [PATCH v6 00/21] Migrate to Bitbake 2.0 Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 01/21] meta: change deprecated parse calls Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 02/21] scripts/contrib: Add override conversion script Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 03/21] scripts/contrib: configure " Anton Mikanovich
2022-12-16 14:38 ` Henning Schild
2022-12-16 14:49 ` Anton Mikanovich
2022-12-16 15:00 ` Henning Schild
2022-12-13 12:52 ` [PATCH v6 04/21] meta-isar: set default branch names Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 05/21] meta: remove non recommended syntax Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 06/21] bitbake: Update to Bitbake 2.0.5 Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 07/21] doc: require zstd tool Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 08/21] meta: update bitbake variables Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 09/21] bitbake.conf: align hash vars with openembedded Anton Mikanovich
2022-12-13 12:52 ` Anton Mikanovich [this message]
2022-12-16 14:49 ` [PATCH v6 10/21] meta: mark network and sudo tasks Henning Schild
2022-12-16 14:52 ` Anton Mikanovich
2022-12-16 15:04 ` Henning Schild
2022-12-16 15:09 ` Schmidt, Adriaan
2022-12-16 15:27 ` Henning Schild
2022-12-13 12:52 ` [PATCH v6 11/21] meta: update overrides syntax Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 12/21] sstate: update bbclass Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 13/21] bitbake.conf: declare default XZ and ZSTD options Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 14/21] Revert "devshell: Use different termination test to avoid warnings" Anton Mikanovich
2022-12-13 12:52 ` [PATCH v6 15/21] meta: align with OE-core libraries update Anton Mikanovich
2022-12-13 12:53 ` [PATCH v6 16/21] Revert "Revert "devshell: Use different termination test to avoid warnings"" Anton Mikanovich
2022-12-13 12:53 ` [PATCH v6 17/21] CI: Adopt tests to syntax change Anton Mikanovich
2022-12-13 12:53 ` [PATCH v6 18/21] isar-sstate: adopt sstate maintenance script Anton Mikanovich
2022-12-13 12:53 ` [PATCH v6 19/21] RECIPE-API-CHANGELOG: Add tips after bitbake version update Anton Mikanovich
2022-12-16 15:18 ` Schmidt, Adriaan
2022-12-13 12:53 ` [PATCH v6 20/21] Revert "bitbake: Make 3.6.0 the minimum python version" Anton Mikanovich
2022-12-13 14:23 ` Schmidt, Adriaan
2022-12-16 14:33 ` Henning Schild
2022-12-16 14:45 ` Anton Mikanovich
2022-12-17 3:55 ` Moessbauer, Felix
2022-12-19 7:37 ` Anton Mikanovich
2022-12-13 12:53 ` [PATCH v6 21/21] Revert "utils/ply: Change md5 usages to work on FIPS enabled hosts" Anton Mikanovich
2022-12-16 14:57 ` [PATCH v6 00/21] Migrate to Bitbake 2.0 Henning Schild
2022-12-16 15:19 ` Schmidt, Adriaan
2022-12-23 18:10 ` Anton Mikanovich
2022-12-19 7:44 ` Moessbauer, Felix
2022-12-20 6:16 ` Anton Mikanovich
2022-12-20 19:33 ` Roberto A. Foglietta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221213125305.10984-11-amikan@ilbers.de \
--to=amikan@ilbers.de \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox